If either of these two parts (user or device) fails the authentication step, no Azure AD PRT is issued. In simple words, if the Cloud AP plugin is able to authenticate on behalf of the user (UPN and password or Windows Hello for Business PIN) to get the Azure AD access token, and the device is able to authenticate to Azure AD using the device registration state (MS-Organization-Access certificate), the Azure AD PRT is issued to the user. The mentioned blog explains that the Azure AD PRT is initially obtained during user sign-in to the station. Here is the official Microsoft documentation about Azure AD PRT.

As explained in this blog, the Azure AD Primary Refresh Token (Azure AD PRT) is used during Azure AD CA policy evaluation to get the information about the Windows 10 device registration state.

With Azure AD Conditional Access (CA) policies you can control that only managed devices can access resources protected by Azure AD.

As mentioned in the article above, you might require the devices from which the sign-in takes place to be hybrid Azure AD joined.
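A check of the two conditions described above (hybrid device registration state and an issued PRT), as an added example that is not part of the original post: it parses the text output of `dsregcmd /status`, the built-in Windows device registration tool. The function name `Get-PrtReadiness` is hypothetical and the sample output is constructed for illustration.

```powershell
# Added example (not from the original post).
# Reads "Key : Value" pairs from `dsregcmd /status` text and reports whether
# the device is hybrid Azure AD joined and whether the signed-in user has a PRT.
function Get-PrtReadiness {
    param([Parameter(Mandatory)][string[]]$StatusText)

    $state = @{}
    foreach ($line in $StatusText) {
        # The key is the first word; the value may itself contain colons (timestamps).
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    # Hybrid Azure AD joined = joined to both on-premises AD and Azure AD.
    $hybrid = ($state['AzureAdJoined'] -eq 'YES') -and ($state['DomainJoined'] -eq 'YES')
    # AzureAdPrt is per user: it reflects the session that ran dsregcmd.
    $hasPrt = $state['AzureAdPrt'] -eq 'YES'

    $finding = if (-not $hybrid) {
        'Device is not hybrid Azure AD joined: device authentication cannot succeed.'
    } elseif (-not $hasPrt) {
        'Device is registered but this user has no PRT: check user authentication.'
    } else {
        'Device and user both authenticated: PRT present.'
    }

    [pscustomobject]@{
        HybridJoined = $hybrid
        HasPrt       = $hasPrt
        Finding      = $finding
    }
}

# Constructed sample: registered device, but no PRT for the current user.
$sample = @'
             AzureAdJoined : YES
              DomainJoined : YES
                AzureAdPrt : NO
'@ -split "`r?`n"

Get-PrtReadiness -StatusText $sample

# On a live Windows 10 device, run as the signed-in user:
#   Get-PrtReadiness -StatusText (dsregcmd.exe /status)
```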